CVE-2022-20066
https://notcve.org/view.php?id=CVE-2022-20066
11 Apr 2022 — In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/May-2022 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-20065
https://notcve.org/view.php?id=CVE-2022-20065
11 Apr 2022 — This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-125: Out-of-bounds Read •
CVE-2022-20064
https://notcve.org/view.php?id=CVE-2022-20064
11 Apr 2022 — In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-125: Out-of-bounds Read •
CVE-2022-20081
https://notcve.org/view.php?id=CVE-2022-20081
11 Apr 2022 — This could lead to remote information disclosure with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2022 • CWE-295: Improper Certificate Validation •
CVE-2022-0567 – ovn-kubernetes: Ingress network policy can be overruled by egress network policy on another pod
https://notcve.org/view.php?id=CVE-2022-0567
11 Apr 2022 — This issue results in information disclosure and other attacks on other pods that should not be reachable. • https://bugzilla.redhat.com/show_bug.cgi?id=2053326 • CWE-20: Improper Input Validation CWE-179: Incorrect Behavior Order: Early Validation •
CVE-2022-28893 – kernel: use after free in SUNRPC subsystem
https://notcve.org/view.php?id=CVE-2022-28893
11 Apr 2022 — This flaw allows a local attacker to crash the system, leading to a kernel information leak issue. • http://www.openwall.com/lists/oss-security/2022/04/11/3 • CWE-416: Use After Free •
CVE-2022-25794 – Autodesk FBX Review ABC File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-25794
11 Apr 2022 — An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006 • CWE-125: Out-of-bounds Read •
CVE-2022-1290 – Stored XSS in "Name", "Group Name" & "Title" in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1290
10 Apr 2022 — This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. • https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-24428
https://notcve.org/view.php?id=CVE-2022-24428
08 Apr 2022 — A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities • CWE-281: Improper Preservation of Permissions •
CVE-2022-28363 – Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2022-28363
08 Apr 2022 — No authentication is required. Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities. • http://packetstormsecurity.com/files/166647/Reprise-License-Manager-14.2-Cross-Site-Scripting-Information-Disclosure.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •